GOVERNMENT ICT STANDARDS
Cloud Computing Standard
First Edition 2016
ICTA 2016. All rights reserved.
CONTENTS

- ICTA STANDARDS DESCRIPTION
- DOCUMENT CONTROL
- FOREWORD
- INTRODUCTION
- SCOPE
- APPLICATION
- NORMATIVE REFERENCES
- DEFINITIONS
  - Cloud computing
  - Interoperability
  - Privacy
  - Software as a Service (SaaS)
  - Platform as a Service (PaaS)
  - Infrastructure as a Service (IaaS)
  - Private Cloud
  - Community Cloud
  - Public Cloud
  - Hybrid Cloud
- ABBREVIATIONS
- SUB DOMAINS
- REQUIREMENTS
- ANNEXES
  - Annex A.1 Cloud Service Selection (PaaS, SaaS, IaaS)
  - Annex 2: Cloud deployment model selection (public, private, hybrid, community cloud)
  - Annex 3: Service level Agreement
- APPENDICES
  - APPENDIX I: Risk assessment checklist
  - Appendix II Checklist for cloud service selection
  - APPENDIX III Checklist for selecting cloud deployment model
  - APPENDIX III Checklist for SLA
  - Appendix IV: Related Documents
ICTA STANDARDS DESCRIPTION

| S/No | Thematic Area | Standards | Brief Description |
|---|---|---|---|
| 1 | Infrastructure | Network Standard | Provides compliant requirements for design, installations and management of all categories of IT Networks to be deployed in government. |
| | | Data Center Standard | Provides compliant requirements for design, installations and management of government data centers |
| | | Cloud Computing Standard | Provides compliant requirements for design, installations and management of cloud computing infrastructures for government |
| 2 | Systems & Applications | End-User Equipment Standards | Provides the minimum specifications for all computing devices being deployed in government |
| | | ICTA-6.001:2016 Systems & Applications Standard | Provides compliant requirements for design, installations and management of all government Software and applications Systems. |
| 3 | IT Security | ICTA-3.001:2016 Information Security Standard | Provides compliant requirements for design, installations and management of Information Technology Security in government. |
| 4 | Electronic records management | ICTA-4.001: 2016 Electronic records and Data Management Standard | Provides compliant requirements for management of government electronic records and data |
| 5 | IT Governance | ICTA : 2016 IT Governance Standard | Provides compliant requirements for IT Governance in government. This includes compliance requirements for government IT service providers and Professional Staff. |
| 6 | ICT Human Capacity | ICTA.7.001:2016 ICT Human Capital and Work force Development Standard | Provides compliant requirements for development of Human Capital capacity for deployment and support for government ICT infrastructure and services. |
REVISION OF ICT STANDARDS

In order to keep abreast of progress in industry, ICTA Standards shall be regularly reviewed. Suggestions for improvements to published standards, addressed to the Chief Executive Officer, ICT Authority, are welcome.

ICT Authority 2016

Copyright. Users are reminded that by virtue of Section 25 of the Copyright Act, Cap. 12 of 2001 of the Laws of Kenya, copyright subsists in all ICTA Standards and except as provided under Section 26 of this Act, no standard produced by ICTA may be reproduced, stored in a retrieval system in any form or transmitted by any means without prior permission in writing from the Chief Executive Officer.

DOCUMENT CONTROL

| Field | Value |
|---|---|
| Document Name | Cloud Computing Standard |
| Prepared by | ICTA Cloud Computing Standard Technical Committee |
| Edition | First Edition |
| Approved by | Board of Directors |
| Date Approved | 11th August 2016 |
| Effective Date | 1st October 2016 |
| Next Review Date | After 3 years |
FOREWORD

The ICT Authority has an express mandate to, among others, set and enforce ICT standards and guidelines across all aspects of information and communication technology including systems, infrastructure, processes, human resources and technology for the public service. The overall purpose of this specific mandate is to ensure coherence and a unified approach to acquisition, deployment, management and operation of ICTs across the public service, including state agencies, in order to promote service integration, adaptability and cost savings through economies of scale in ICT investments.

In pursuit of this mandate, the Authority established a Standards Committee to identify the critical standards domain areas as well as oversee the standards development process. A total of nine standards falling under six different domain areas were identified by the committee to be relevant for government ICT Standards. The development of all the identified standards was done through a process which took into consideration international requirements, government requirements, stakeholder participation as well as industry/sector best practices. In order to conform to the format of other existing national standards, the committee adopted the Kenya Bureau of Standards (KEBS) format and procedure for standards development. In addition, through Memoranda of Understanding, KEBS has made an invaluable contribution to the development of ICT Authority standards.

The ICTA Cloud Computing Standard, which falls under the overall Government Enterprise Architecture (GEA), has therefore been prepared in accordance with KEBS standards development guidelines. The Authority has the oversight role and responsibility for management and enforcement of this standard. The review and approval of the standard is done by the ICTA Board upon recommendation of the Standards Review Board.
The Authority shall carry out quarterly audits in all the Ministries, Counties, and Agencies (MCA) to determine their compliance with this Standard. The Authority will issue a certificate of compliance to the agency upon completion of the audit assessment. For non-compliant agencies, a report detailing the extent of the deviation and the prevailing circumstances shall be tabled before the Standards Review Board, who will advise on the action to take. All government agencies are required to ensure full compliance with this standard for effective and efficient service delivery to the citizen.

Kipronoh Ronoh P.
Director, Programmes and Standards
INTRODUCTION

Cloud computing is a concept that refers to services, applications, and data storage delivered online through powerful file servers interconnected through the internet infrastructure. It allows consumers and businesses to use applications without installation and access their data and information at any computer with internet access. This technology allows for much more efficient computing by centralizing data storage, processing and bandwidth.

NIST specifies five characteristics of cloud computing:

a. On-demand self-service involves customers using a web site or similar control panel interface to provision computing resources such as additional computers, network bandwidth or user accounts, without requiring human interaction between customers and the vendor.
b. Broad network access enables customers to access computing resources over networks such as the Internet from a broad range of computing devices such as laptops and smartphones.
c. Resource pooling involves vendors using shared computing resources to provide cloud services to multiple customers. Virtualization and multi-tenancy mechanisms are typically used both to segregate and protect each customer and their data from other customers, and to make it appear to customers that they are the only user of a shared computer or software application.
d. Rapid elasticity enables the fast and automatic increase and decrease in the amount of available computer processing, storage and network bandwidth as required by customer demand.
e. Pay-per-use measured service involves customers only paying for the computing resources that they actually use, and being able to monitor their usage. This is analogous to household use of utilities such as electricity.

Cloud computing is a new concept in the market and its adoption has been slow but steady due to the slow pace of standardisation, security concerns, continuous evolution and compliance concerns.
Despite these setbacks, cloud computing offers a number of benefits such as:

- Cloud computing solutions are scalable: agencies can purchase as much or as little resource as they need at any particular time. They pay for what they use.
- Agencies do not have to make large capital outlays on computing hardware, or pay for the upkeep of that hardware.
- Cloud computing provides economies of scale through all-of-government volume discounts. This is particularly beneficial for smaller ICT users.
- Agencies can easily access the latest versions of common software, which deliver improved and robust functionality, eliminating significant costs associated with version upgrades.
- If agencies are able to access the same programmes, and up-to-date versions of those programmes, this will improve resiliency and reduce productivity losses caused when applications are incompatible across agencies.

This ICTA standard outlines the various considerations for Ministries, counties and agencies in the selection of cloud computing services and models such as IaaS, SaaS, PaaS and public cloud, private cloud, community cloud and hybrid cloud.
SCOPE

This standard shall provide guidelines on deployment and selection of cloud based computing products and services. This standard guides the MCAs as consumers of cloud services from vendors.

APPLICATION

This standard shall be applicable to the following:

- Central Government of Kenya
- County Governments
- Constitutional Commissions
- State Corporations

NORMATIVE REFERENCES

The following standards contain provisions which, through reference in this text, constitute provisions of this standard. All standards are subject to revision and, since any reference to a standard is deemed to be a reference to the latest edition of that standard, parties to agreements based on this standard are encouraged to take steps to ensure the use of the most recent editions of the standards indicated below. Information on currently valid national and international standards can be obtained from Kenya Bureau of Standards.

- IEEE P2301 & 2302 drafts
- ITU FG technical report on cloud
- NIST special publication on cloud
- Virtualization Framework (OVF)
- Virtual Hard Disk (VHD)
- Cloud Data Management Interface (CDMI)
- SOAP and REST
- Amazon Web Services Identity Access Management (AWS IAM), OAuth, OpenID, WS-Security
- OASIS
DEFINITIONS

For the purposes of this ICTA Standard the following definitions, abbreviations and symbols apply:

Cloud computing
Cloud computing is a concept that refers to services, applications, and data storage delivered online through powerful file servers interconnected through the internet infrastructure.

Interoperability
Interoperability typically refers to the ability to easily move workloads and data from one cloud provider to another or between private and public clouds.

Privacy
Information privacy is the assured, proper, and consistent collection, processing, communication, use and disposition of personal information (PI) and personally-identifiable information (PII) throughout its life cycle. (Source: adapted from OASIS)

Software as a Service (SaaS)
The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based ). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. Popular SaaS offerings include and collaboration and customer relations management (Source: NIST CC Definition)

Platform as a Service (PaaS)
The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
(Source: NIST CC Definition)

Infrastructure as a Service (IaaS)
The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls). (Source: NIST CC Definition)

Private Cloud
The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise. (Source: NIST CC Definition)

Community Cloud
The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise. (Source: NIST CC Definition)

Public Cloud
The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. (Source: NIST CC Definition)

Hybrid Cloud
The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds). (Source: NIST CC Definition)
ABBREVIATIONS

- IaaS: Infrastructure as a Service
- PaaS: Platform as a Service
- SaaS: Software as a Service
- NIST: National Institute of Science and Technology
- SLA: Service Level Agreement
- PI: Personal information
- PII: Personal identifiable information
- MCA: Ministry, county, agency
- TCO: Total cost of ownership
- GoK: Government of Kenya
- LAN: Local Area Network
SUB DOMAINS

The following are the sub domains covered:

- Cloud service selection
- Cloud deployment model selection
- Service level agreements

REQUIREMENTS

This section provides cloud standards needed to guide MCAs in selecting a cloud service and the model of deployment. All MCAs shall develop operational manuals to institutionalize this standard.

| Sub domain | Description | Requirements |
|---|---|---|
| Cloud service selection (PaaS, SaaS, IaaS) | MCAs shall select a cloud service based on an objective business case | Annex A.1 |
| Cloud deployment model selection (public, private, hybrid, community cloud) | MCAs shall select a cloud deployment model based on an objective business case | Annex A.2 |
| Service level agreements | MCAs shall have an SLA covering cost, liability, information security, interoperability and portability, availability, performance, sustainability, privacy, vendor lock-in, integration | Annex A.3 |
ANNEXES

Annex A.1 Cloud Service Selection (PaaS, SaaS, IaaS)

Subject / Requirements

1. SaaS business case

a. MCAs shall not pursue a SaaS solution for an application if it requires specialized technical knowledge to operate and support, or requires customization that a SaaS vendor cannot offer.
b. MCAs shall determine what reporting services the provider offers, and whether they are compatible with the business reporting requirements. Because SaaS involves giving up direct control of some MCA data, accurate and useful reporting is especially important.
c. MCAs shall consider the type and amount of data that will be transmitted to and from the application on a regular basis. Internet bandwidth pales in comparison to the gigabit Ethernet links commonly found in enterprise LANs, and data transmissions that take a few minutes to transfer between servers in the server room might take hours to transmit to and from a SaaS application located across the country. Because of this, MCAs shall consider a solution that takes network latency into consideration. An appliance-based solution, for example, might cache or batch.
d. MCAs shall ensure the cloud service is accessible to persons with disability.
e. Potential SaaS offerings include:
   - office productivity suite
   - collaboration including IP telephony
   - customer relationship management

2. PaaS business case

a. MCAs shall consider platform as a service:
   - if they are carrying out a collaborative software development project that involves multiple agencies
   - if they are deploying applications that are to be shared by multiple users simultaneously
b. When evaluating and choosing a PaaS provider, MCAs shall consider whether the programming languages and server side technologies offered by the provider match their needs.
c. MCAs shall ensure that providers meet the connectivity, storage and redundancy needs to ensure services availability.
3. IaaS business case

a. MCAs shall consider acquiring infrastructure as a service if they want a cloud based data center without having to install new equipment.
b. MCAs shall ensure that IaaS providers meet the commonly used standards for access. These include: Extensible Markup Language (XML), Representative State Transfer (REST), Simple Object Access Protocol (SOAP), and File Transfer Protocol (FTP).
c. MCAs shall consider the burden on ICT staff of monitoring and managing applications in a cloud provider's data centre in addition to those on the premises. This includes software patches, maintenance and upgrades.
d. MCAs shall ensure that providers meet the connectivity, storage and redundancy needs to ensure services availability.
e. MCAs shall take full advantage of pay-per-use pricing of the data center for IaaS.
f. MCAs are discouraged from investment in private IaaS.

Annex 2: Cloud deployment model selection (public, private, hybrid, community cloud)

Subject / Requirements

1. Public cloud business case

MCAs shall carry out a risk assessment based on Appendix 1 to determine the balance between cost and security of this model. This model has a variety of inherent security risks that need to be considered. It also has maximum potential cost efficiencies due to economies of scale.

2. Private cloud business case

MCAs shall carry out a risk assessment based on Appendix 1 to determine the balance between cost and security of this model. This model has reduced potential cost efficiencies. However, it has reduced potential security concerns. It also enables easier contract negotiations between the provider and consumers.

3. Community cloud business case

MCAs shall consider this model if they have other MCAs with similar security requirements and in need of processing and storing data of similar requirements. This model attempts to obtain most of the security benefits of a private cloud, and most of the economic benefits of a public cloud.
4. Hybrid cloud business case

MCAs shall establish a business case for this model. It involves a combination of cloud models. An example is using commodity resources from a public cloud, such as web servers to display non-sensitive data, which interact with sensitive data stored or processed in a private cloud.

Annex 3: Service level Agreement

Subject / Requirement

General requirements

a. The adoption of cloud services will require agencies to build new skills and capabilities into their workforce. In particular, agencies will require a high level of proficiency in procurement, contract negotiation and management, and supplier performance management to ensure value for money is realised.
b. MCAs shall look to first adopt cloud services for those areas where the market has already achieved an acceptable level of maturity. Mature areas typically have begun to extend their focus from delivering pure functionality to additional attributes like security, availability, performance and interoperability.

Liability

c. MCAs shall ensure SLAs cover issues such as ending the arrangement, dispute resolution, early warning of bankruptcy (or similar), compensation for data loss/misuse, change of control and assignment/novation, change of terms at the discretion of the provider.

Information security

a. MCAs shall ensure that data is stored in agreed locations, and is retrievable inside agreed timeframes.
b. MCAs shall retain control over any data or information that is placed in a cloud service and ensure it is adequately protected from loss.
c. MCAs shall carry out a risk assessment to determine the information security viability of migrating to a cloud. The checklist in Appendix 1 shall serve as a guide.
d. MCAs shall ensure the provider is audited by a third party to determine their compliance with GoK information security standards.
e. Privacy of any data stored on a cloud computing service must be maintained in accordance with statutory/regulatory obligations.
f. The chosen solution should not require significant firewall rule changes. For example, port 80 and port 443 should be sufficient for the solution to function (these ports are usually open already).
g. MCAs shall ensure data is permanently deleted from a provider's storage media when migrating.
h. MCAs shall be aware of Kenya legislative and regulatory requirements when storing personal data (e.g. the Kenya Information Privacy laws and the Public laws).
i. MCAs shall ensure the location of the data is consistent with local legislation.
j. All stored and transmitted data must be encrypted.
k. Disaster Recovery expectations must be defined (e.g. worse case recovery commitment
Interoperability and portability

a. The following requirements should be carefully considered when identifying a suitable solution:
   - active directory integration
   - single sign on
b. MCAs shall ensure that the cloud provider supports open standards that guarantee:
   - Workload migration: a workload that executes in one cloud provider can be uploaded to another cloud provider.
   - Data migration: data that resides in one cloud provider can be moved to another cloud provider.
   - User authentication: a user who has established an identity with a cloud provider can use the same identity with another cloud provider.
   - Workload management: custom tools developed for cloud workload management can be used to manage multiple cloud resources from different vendors.
c. MCAs shall ensure that the cloud deployment model supports common standards on:
   i. application interfaces;
   ii. portability interfaces;
   iii. management interfaces;
   iv. file formats; and
   v. operation conventions

Availability

MCAs shall ensure there is an SLA with the cloud provider for 99.99% during work days, 99.9% for nights/weekend.

Performance

Service level agreements shall ensure maximum service response times.

Cost

MCAs shall consider the total cost of ownership (TCO) of a cloud service, compared to that of an equivalent on-premise service.

Sustainability

For MCAs providing cloud services, the cost of deploying and maintaining cloud computing infrastructure is very high, and there is therefore a need to be able to recover it. MCAs shall select a chargeback model that adequately fits the consumers' and Government's needs, i.e.:
   i. Pay-as-you-grow
   ii. Usage based pricing
   iii. Elasticity model

Privacy

MCAs shall ensure the cloud provider adheres to regulatory law in relation to privacy and public record-keeping requirements. MCAs shall consider any legal obligations they have towards customers or other parties, and whether cloud will allow them to continue to meet them.
Vendor lock-in

a. MCAs shall ensure that the cloud solution supports quick entry, quick exit, low cost solutions.
b. MCAs shall have an exit strategy in case they intend to change providers.
c. MCAs shall not pursue a solution if:
   - the solution provider wants months of preparation to assess agency needs or conduct training
   - the solution involves an extended lock-in period for the agency
   - the solution involves substantial financial investment
   The cost of the solution should be such that if the solution fails to satisfy agency requirements, it is considered low risk to terminate the service or try another service.
d. In addition, the costs should be simple and straightforward. A convoluted pricing model is uncommon for cloud services and should be carefully considered during evaluation.

Integration

MCAs shall ensure that migrating to cloud will meet any functional and data-integration requirements the organization has in place.
APPENDICES

APPENDIX I: Risk assessment checklist

- Data or functionality to be moved to the cloud is not business critical
- The provider is audited by a third party to determine their compliance with GoK information security standards
- Reviewed the vendor's business continuity and disaster recovery plan
- Maintain an up-to-date backup copy of data
- Data or business functionality will be replicated with a second vendor
- The network connection between me and the vendor's network is adequate
- The Service Level Agreement (SLA) guarantees adequate system availability
- Scheduled outages are acceptable both in duration and time of day
- Scheduled outages affect the guaranteed percentage of system availability
- Receive adequate compensation for a breach of the SLA or contract
- Redundancy mechanisms and offsite backups prevent data corruption or loss
- If a file or other data is accidentally deleted, the vendor can quickly restore it
- Increase use of the vendor's computing resources at short notice
- Easily move data to another vendor or in-house
- Easily move standardised application to another vendor or in-house
- My choice of cloud-sharing model aligns with my risk tolerance
- My data is not too sensitive to store or process in the cloud
- Meet the legislative obligations to protect and manage my data
- Know and accept the privacy laws of countries that have access to my data
- The vendor suitably sanitises storage media storing my data at its end of life
- The vendor securely monitors the computers that store or process my data
- Use my existing tools to monitor my use of the vendor's services
- Retain legal ownership of my data
- The vendor has a secure gateway environment
- The vendor's gateway is certified by an authoritative third party
- The vendor provides a suitable content filtering capability
- The vendor's security posture is supported by policies and processes
- The vendor's security posture is supported by direct technical controls
- Audit the vendor's security or access reputable third-party audit reports
- The vendor supports the identity and access management system that I use
- Users access and store sensitive data only via trusted operating environments
- The vendor uses endorsed physical security products and devices
- The vendor's procurement process for software and hardware is trustworthy
- The vendor adequately separates me and my data from other customers
- Using the vendor's cloud does not weaken my network security posture
- Have the option of using computers that are dedicated to my exclusive use
- When I delete my data, the storage media is sanitised before being reused
- The vendor does not know the password or key used to decrypt my data
- The vendor performs appropriate personnel vetting and employment checks
- Actions performed by the vendor's employees are logged and reviewed
- Visitors to the vendor's data centres are positively identified and escorted
- Vendor data centres have cable management practices to identify tampering
- Vendor security considerations apply equally to the vendor's subcontractors
- The vendor is contactable and provides timely responses and support
- Reviewed the vendor's security incident response plan
- The vendor's employees are trained to detect and handle security incidents
- The vendor will notify me of security incidents
- The vendor will assist me with security investigations and legal discovery
- Access audit logs and other evidence to perform a forensic investigation
- Receive adequate compensation for a security breach caused by the vendor
- Storage media storing sensitive data can be adequately sanitised
Appendix II Checklist for cloud service selection

| Compliance | Yes | No | Comment |
|---|---|---|---|
| SaaS | | | |
| Does the application require specialized technical knowledge or require customization that a SaaS vendor cannot offer? | | | |
| Does the application require large bandwidth on a regular basis? | | | |
| Is the SaaS cheaper than on-premise application? | | | |
| Does the SaaS provider adhere to regulatory law in relation to privacy and public record-keeping requirements? | | | |
| Do the SaaS reports conform to MCA requirements? | | | |
| PaaS | | | |
| Is the project a collaborative software development project that involves multiple agencies? | | | |
| Do the programming languages and server side technologies offered by the provider match MCA needs? | | | |
| Is it less costly to run the applications in PaaS than in-premise? | | | |
| IaaS | | | |
| Does the MCA have enough staff capacity to manage the IaaS? | | | |
| Does the provider meet the connectivity, storage and redundancy needs to ensure services availability? | | | |
| Is it cheaper to acquire IaaS or in-premise hosting? | | | |
| Does the provider meet the commonly used standards for access? | | | |
| Does the MCA have an exit strategy from the provider and to take their existing data out of the solution and move it to another one? | | | |
| Is the MCA capable of taking full advantage of pay-per-use pricing of the data center for IaaS? | | | |
APPENDIX III Checklist for selecting cloud deployment model

| Compliance | Yes | No | Comment |
|---|---|---|---|
| Public Cloud | | | |
| Has the MCA carried out a risk assessment based on Appendix 1 to determine the balance between cost and security of this model? | | | |
| Private Cloud | | | |
| Has the MCA carried out a risk assessment based on Appendix 1 to determine the balance between cost and security of this model? | | | |
| Community Cloud | | | |
| Does the MCA have other MCAs with similar security requirements and in need of processing and storing data of similar requirements? | | | |
| Hybrid Cloud | | | |
| Is there a justifiable business case for this model? | | | |
APPENDIX III Checklist for SLA

Columns: Subject, Requirement, Yes, No, Comments

General requirements

- The adoption of cloud services will require agencies to build new skills and capabilities into their workforce. In particular, agencies will require a high level of proficiency in procurement, contract negotiation and management, and supplier performance management to ensure value for money is realised.
- MCAs shall look to first adopt cloud services for those areas where the market has already achieved an acceptable level of maturity. Mature areas typically have begun to extend their focus from delivering pure functionality to additional attributes like security, availability, performance and interoperability.

Liability

- MCAs shall ensure SLAs cover issues such as ending the arrangement, dispute resolution, early warning of bankruptcy (or similar), compensation for data loss/misuse, change of control and assignment/novation, change of terms at the discretion of the provider.
Information security

- MCAs shall ensure that data is stored in agreed locations, and is retrievable inside agreed timeframes.
- MCAs shall retain control over any data or information that is placed in a cloud service and ensure it is adequately protected from loss.
- MCAs shall carry out a risk assessment to determine the information security viability of migrating to a cloud. The checklist in Appendix 1 shall serve as a guide.
- MCAs shall ensure the provider is audited by a third party to determine their compliance with GoK information security standards.
- Privacy of any data stored on a cloud computing service must be maintained in accordance with statutory/regulatory obligations.
- The chosen solution should not require significant firewall rule changes. For example, port 80 and port 443 should be sufficient for the solution to function (these ports are usually open already).
- MCAs shall ensure data is permanently deleted from a provider's storage media when migrating.
- MCAs shall be aware of Kenya legislative and regulatory requirements when storing personal data (e.g. the Kenya Information Privacy laws and the Public laws).
- MCAs shall ensure the location of the data is consistent with local legislation.
- All stored and transmitted data must be encrypted.
- Disaster Recovery expectations must be defined (e.g. worse case recovery commitment
Interoperability and portability
- The following requirements should be carefully considered when identifying a suitable solution:
  - active directory integration
  - single sign-on
- MCAs shall ensure that the cloud provider supports open standards that guarantee:
  - Workload migration: a workload that executes in one cloud provider can be uploaded to another cloud provider.
  - Data migration: data that resides in one cloud provider can be moved to another cloud provider.
  - User authentication: a user who has established an identity with a cloud provider can use the same identity with another cloud provider.
  - Workload management: custom tools developed for cloud workload management can be used to manage multiple cloud resources from different vendors.
- MCAs shall ensure that the cloud deployment model supports common standards on:
  - application interfaces;
  - portability interfaces;
  - management interfaces;
  - file formats; and
  - operation conventions.

Availability
- MCAs shall ensure there is an SLA with the cloud provider for 99.99% during work days, 99.9% for nights/weekends.

Performance
- Service level agreements shall ensure maximum service response times.

Cost
- MCAs shall consider the total cost of ownership (TCO) of a cloud service, compared to that of an equivalent on-premise service.

Sustainability
- For MCAs providing cloud services, the cost of deploying and maintaining cloud computing infrastructure is very high, so there is a need to be able to recover it.
- MCAs shall select a chargeback model that adequately fits the consumers' and Government's needs, i.e.:
  - Pay-as-you-grow
  - Usage-based pricing
  - Elasticity model
Privacy
- MCAs shall ensure the cloud provider adheres to regulatory law in relation to privacy and public record-keeping requirements.
- MCAs shall consider any legal obligations they have towards customers or other parties, and whether cloud will allow them to continue to meet them.

Vendor lock-in
- MCAs shall ensure that the cloud solution supports quick-entry, quick-exit, low-cost solutions.
- MCAs shall have an exit strategy in case they intend to change providers.
- MCAs shall not pursue a solution if:
  - solution providers want months of preparation to assess agency needs or conduct training;
  - the solution involves an extended lock-in period for the agency;
  - the solution involves substantial financial investment.
- The cost of the solution should be such that if the solution fails to satisfy agency requirements, it is considered low risk to terminate the service or try another service. In addition, the costs should be simple and straightforward. A convoluted pricing model is uncommon for cloud services and should be carefully considered during evaluation.

Integration
- MCAs shall ensure that migrating to cloud will meet any functional and data-integration requirements the organization has in place.
Appendix IV: Related Documents

Code Number | Title
ICTA : 2016 | Government Enterprise Architecture
ICTA : 2016 | Infrastructure Standard (Networks, Cloud, End user Computing Device, Data Centre)
ICTA : 2016 | Information Security Standard
ICTA : 2016 | Electronic Records and Data Management Standard
ICTA : 2016 | IT Governance Standard
ICTA : 2016 | Systems and Application Standard
ICTA.7.001:2016 | ICT Human Capital and Work force Development Standard
ICT Authority
Telposta Towers, 12th Floor, Kenyatta Ave
P.O. Box Nairobi, Kenya
t: /62
info@ict.go.ke or communications@ict.go.ke or standards@ict.go.ke